Local Distribution Obfuscation via Probability Coupling
This work addresses privacy protection for probability distributions in data analysis, presenting a theoretical framework with incremental improvements over existing distribution privacy concepts.
The paper tackles the problem of locally obfuscating probability distributions via probabilistic perturbation, such as adding differentially private noise, by relaxing distribution privacy to divergence and proposing mechanisms that provide divergence distribution privacy. The result includes a proof that noise should be proportional to Earth mover's distance for f-divergence privacy and a coupling mechanism that optimizes utility using auxiliary information.
We introduce a general model for the local obfuscation of probability distributions by probabilistic perturbation, e.g., by adding differentially private noise, and investigate its theoretical properties. Specifically, we relax a notion of distribution privacy (DistP) by generalizing it to divergence, and propose local obfuscation mechanisms that provide divergence distribution privacy. To provide f-divergence distribution privacy, we prove that probabilistic perturbation noise should be added proportionally to the Earth mover's distance between the probability distributions that we want to make indistinguishable. Furthermore, we introduce a local obfuscation mechanism, which we call a coupling mechanism, that provides divergence distribution privacy while optimizing the utility of obfuscated data by using exact/approximate auxiliary information on the input distributions we want to protect.